SYSTEM AND METHOD FOR SECURING INFORMATION, INCLUDING A SYSTEM 
AND A METHOD FOR SETTING UP A CORRESPONDENT PAIRING 

Related Patent Application: 

The present application claims the benefit of U.S. Provisional Patent Application no. 
60/439,493, filed January 13, 2003 and entitled "ENCRYPTION/DECRYPTION CARD". 
The whole content of this provisional application is hereby incorporated by reference. 

Field of the Invention: 

The invention relates to a method and a system for securing sensitive information. It further 
relates to the messaging of such sensitive information between two users in an electronic 
format. It also relates to a method and a system suitable for a correspondent pairing for 
sensitive information communication. 

Background of the invention: 

Securing the information to be exchanged is an important aspect of communication nowadays; 
sensitive data must be kept secret from unauthorized persons. Accordingly, many techniques 
and systems have been developed with this objective in mind. Some techniques relate to 
securing communication means while others relate to securing the data communicated. The 
prior art most worthy of mention with respect to the present invention consists of the two 
following documents. 

The first prior art, "PUBLIC KEY INFRASTRUCTURE (PKI) BASED SYSTEM, 
METHOD, DEVICE AND PROGRAM", developed by Asanoma et al., is available as U.S. 
publication no 2003/0056099. This U.S. patent publication discloses a system for the 
distribution of smart cards (a.k.a. IC cards) that includes an authentication certificate and 
encryption/decryption capabilities based on a public key and a secret key. The system 
described in the present document has the advantage, over the prior art, of saving time and 
labor involved in the collection and redistribution of smart cards done in order to update a 
private key and a public certificate. 



(005) The second relevant prior art worthy of mention is "INFORMATION PROCESSING 
SYSTEM HAVING FUNCTION OF SECURELY PROTECTING CONFIDENTIAL 
INFORMATION", developed by Shimizu et al., and available as U.S. Patent no 6,085,323. 
This U.S. patent discloses an encryption system wherein the encryption process is completed 
by two distinct devices. A first device, namely a computer, establishes a first encryption key 
and encrypts sensitive data with this first key. The first key is transmitted to a second 
encryption device, namely a smart card, which encrypts the first key with a second 
encryption key and transmits the encrypted first key to the first encryption device. The first 
encryption device is also composed of correlation storage means for correlatively storing the 
encrypted sensitive data and the encrypted first key. 

(006) Although the above prior art provides a certain level of security for sensitive data and 
efficient certificate management, further improvement is desirable in these fields of 
technology. 

Objects of the Invention: 

(007) Accordingly, an object of the invention is to provide a higher security level for sensitive data; 
once secured, this sensitive data is either stored in a storage means with a lower security level 
or is transmitted through a communication means with a lower security level. 

(008) Another object is to ensure that secret information is always secure. In other words, the 
present object is to prevent the unwanted communication of secret information, regardless of 
the device receiving the secret information. 

(009) Yet another object is to communicate information with two sensitivity levels without 
increasing the required information processing. 

(0010) Providing a method and a system for the authentication of users' systems to which the 
sensitive information has to be transferred, while preventing the unwanted communication of 
any secret information, is another object of the present invention. 

(0011) Another object is to establish pairing between users' systems that exchange secured sensitive 
information. 

Summary of the Invention: 

(0012) The invention comprises a First Information Processing System (FIPS) and a Second 
Information Processing System (SIPS) operating together to encrypt, to decrypt, or to 
complete a correspondent pairing process with another FIPS and SIPS combination. 

(0013) In this specification, the term "First Information Processing System (FIPS)" is intended to 
mean a system for which a limited security level is available. For instance, this system may be 
a personal computer protected with firewalls and passwords, as illustrated on figure 1. Other 
examples of this type of system are handheld computers, cell phones, wireless 
communication devices, and fax machines. These systems typically allow users to generate, 
to access, to store and/or to communicate sensitive data. 

(0014) In this specification, the term "Second Information Processing System (SIPS)" is intended to 
mean the SIPS 12, a system providing a higher security level. A typical example of this kind of 
system is composed of highly-secured smart cards, or IC cards as illustrated on figure 1. This 
kind of system can prevent any unauthorized person from reading stored information. It may 
be, and ideally is, effective in preventing many kinds of attacks, such as Timing Attack, Power 
Analysis Attack, etc. The SECURE CRYPTOGRAPHIC DEVICE described in European patent 
application no EP 1 217 783 by Myazaki et al. is a good example of an embodiment suitable for 
the realization of the SIPS in the present invention. 

(0015) For an encryption process, the SIPS essential functionalities are communication means; 
storage means that store a public key, correspondent data, and a plurality of keys and key 
identifiers; and encryption means. The essential functionalities of the FIPS are 
communication means, correspondent selection means, key generation means, encryption 
means, and storage means. 

(0016) The encryption process comprises the reception of a correspondent selection, the generation 
of a first key, the encryption of the sensitive data using the first key, the encryption of the 
first key using an identified correspondent key, the encryption of the identified correspondent 
key identifier using a public key, and the integration of the encrypted sensitive data, the 
encrypted first key and the encrypted key identifier together. 

(0017) For the decryption process, the SIPS functionalities are communication means; storage 
means that store a public key, correspondent data, and a plurality of keys and key identifiers; 
and decryption means. The functionalities of the FIPS are storage means, extraction means, 
communication means, and decryption means. 

(0018) The decryption process comprises the extraction of the information from the integrated 
sensitive data, the decryption of a key identifier using the public key, the decryption of the 
first key using the key associated with the key identifier, and the decryption of the sensitive 
data using the first key. 

(0019) The pairing process consists of ensuring that two SIPSs have the same pairing data, that is, 
the same key and key identifier combination for the correspondence between the two SIPSs. 

Brief Description of the Figures: 

(0020) A thorough understanding of the invention should be available in light of the following 
description of the invention and of the accompanying figures, wherein: 

(0021) Figure 1 is a schematic illustration of a realisation of the invention, including a First and a 
Second Information Processing System, a networked system including storage means, and a 
remote setting means; 

(0022) Figure 2 is a schematic block diagram illustrating FIPS encryption components; 

(0023) Figure 3 is a schematic block diagram illustrating SIPS encryption components; 

(0024) Figure 4 is a flow chart illustrating the authentication process; 

(0025) Figure 5 is a schematic representation of an authentication window; 

(0026) Figure 6 is a schematic representation of FIPS stored data; 

(0027) Figure 7 is a flow chart illustrating the correspondent selection process; 

(0028) Figure 8 is a schematic representation of a window suitable to select a correspondent; 

(0029) Figure 9 is a flow chart illustrating the encryption process; 

(0030) Figure 10 is a schematic representation of a window displayed during the encryption process; 

(0031) Figure 11 is a schematic representation of alternative FIPS stored data; 

(0032) Figure 12 is a schematic block diagram illustrating FIPS decryption components; 

(0033) Figure 13 is a schematic block diagram illustrating SIPS decryption components; 

(0034) Figures 14a and 14b together form a flow chart illustrating the decryption process; 

(0035) Figure 15 is a schematic block diagram illustrating the setting means; 

(0036) Figure 16 is a flow chart illustrating the FIPS setting up process; 

(0037) Figure 17 is a flow chart illustrating the users' codes exchange; 

(0038) Figure 18 is a flow chart illustrating a correspondent pairing process; 

(0039) Figure 19 is a flow chart illustrating the key pairing process of the correspondent pairing 
process of Figure 18; 

(0040) Figures 20a and 20b together form a flow chart illustrating a group pairing process; 

(0041) Figure 21 is a flow chart illustrating a new group member joining an existing group through a 
pairing process; 

(0042) Figure 22 is a schematic block diagram summarizing a FIPS suitable for encryption, 
decryption and correspondent pairing; and 

(0043) Figure 23 is a schematic block diagram summarizing a SIPS suitable for encryption, 
decryption and correspondent pairing. 

Detailed Description of the Invention: 

(0044) The main object of the invention is to allow users to share secured sensitive data. To reach 
this object, a series of processes are required and are hereinafter described in detail. In the 
first of these processes, the first user secures such sensitive data. In the second process, the 
second user accesses and reads the secured sensitive data. The third process allows the 
setting up of relationships (correspondent pairings) between users' systems for the 
communication of these secured sensitive data. 

1. General Description of Securing Components 

(0045) The first object of the invention is to secure sensitive data. To attain that object, the invention 
illustrated on figure 1 comprises two components: a First Information Processing System 
(FIPS) 10 and a Second Information Processing System (SIPS) 12. The FIPS 10 is a system 
for which a limited security level is available. For instance, this system may be a personal 
computer protected with firewalls and passwords, as illustrated on figure 1. Other examples 
of this type of system are handheld computers, cell phones, wireless communication 
devices, and fax machines. These systems typically allow users to generate, to access, to 
store and/or to communicate sensitive data. The SIPS 12 is a system providing a higher 
security level. A typical example of this kind of system is composed of highly-secured smart 
cards, or IC cards as illustrated on figure 1. This kind of system can prevent any unauthorized 
person from reading stored information. It may be, and ideally is, effective in preventing 
many kinds of attacks, such as Timing Attack, Power Analysis Attack, etc. The SECURE 
CRYPTOGRAPHIC DEVICE described in European patent application no EP 1 217 783 by 
Myazaki et al. is a good example of an embodiment suitable for the realization of the SIPS in 
the present invention. 

(0046) In order to secure sensitive data, the FIPS and the SIPS complete three general processes: the 
authentication of the system user, the selection of a correspondent, and the securing of 
sensitive data. Following these three general processes, the systems are hereinafter 
described further, with a detailed depiction of each process. 

2. Authentication 

(0047) The system-user authentication process ensures a rightful utilization of the systems. 
Accordingly, only authorized persons may secure sensitive data with the present 
invention. Furthermore, depending on system configuration, authorized utilization may be 
limited to a single user or be available to a plurality of users who may or may not have the 
same freedom of use. 

2.1. Authentication - Structural Description 

(0048) In order to complete that authentication process, the FIPS 10 illustrated on figure 2 comprises 
authentication means 20 and communication means 22. The SIPS illustrated on figure 3 also 
comprises authentication means 40, communication means 42, and storage means 44. The 
FIPS authentication means 20 allows a user to provide identification data. This data may be 
in an informative format (such as a username and a password), a biometric format (such as a 
fingerprint, a voice print, etc.), or any other suitable format. The object of the 
communication means 22 and 42 is to provide a communication link between the systems 10 
and 12. The SIPS authentication means 40 verifies the provided authentication data; authorizes 
the SIPS use; and, when available, identifies a corresponding available use level. Such a use 
level may determine which correspondents among the stored correspondents are 
available to complete the following sensitive data securing process. 

2.2. Authentication - Process Description 

(0049) To complete the authentication process, illustrated on figure 4, the typical steps are as 
follows. The user establishes a communication between the systems (step 60). Typically, the 
user accomplishes this step by inserting the SIPS (smart card) into a card reader. In the 
following step, the FIPS display prompts the user to provide identification data. An example 
of the prompting screen is illustrated on figure 5. In the present example, the user enters a 
username and a password (step 62). These identification data are transmitted to the SIPS 
authentication means (step 64). The SIPS authentication means seeks matching information 
among the identity data in the SIPS storage means (step 66). If no matching data are found, 
the SIPS authentication means transmits an "Authorization Refusal" signal to the FIPS 
authentication means (step 68). The SIPS also updates a count of erroneous-identification 
data (step 70). The user is informed that he has entered erroneous identification data and is 
invited to enter new ones (step 62). The process repeats itself until a matching 
identification datum is found, or the erroneous identification data count reaches an 
unauthorized threshold. If this threshold is reached, the SIPS authentication means orders the 
FIPS authentication means to end the current user session (step 72). The SIPS authentication 
means generates an unlocking code (step 74), which is also transmitted to the FIPS 
authentication means (step 76). The latter informs the user to communicate with an unlocking 
authority to get a new access code. If a matching datum is found, the SIPS authentication 
means signals an "authorization" to the FIPS (step 78), which starts the correspondent selection 
process. 

3. Correspondent Selection 

(0050) The objective of securing sensitive data is to allow the safe exchange of this sensitive data 
between two users' systems: a sender's and a receiver's system. Depending on the needs, the 
sender and the receiver may be different persons or the same person at different times; 
moreover, the receiver may be a single person or a group of persons. However, the object is 
to prevent any person other than these users from accessing the sensitive data. Only the users have 
the privilege of allowing a party who is not a user to read the sensitive information. This 
privilege may be limited by means which are not described in the present document. 

3.1 Correspondent Selection - Structural Description 

(0051) In order to complete that process, the FIPS 10 (figure 2) further comprises correspondent 
selection means 24. The SIPS 12 (figure 3) also comprises, for its part, correspondent 
selection means 46. The SIPS storage means 44 stores the data necessary for the process. 

(0052) In order to provide a thorough understanding of the process, an example of a suitable data 
structure stored in the SIPS storage means is included. As illustrated on figure 6, the SIPS 
comprises correspondent identifications 88. Some correspondent data identify users who are 
single persons 88a, while others identify groups 88b. However, whatever the type of users 88, the 
data is processed in exactly the same way. The data table illustrates each correspondent 88 
with his associated encryption key 90 and his unique encryption key identification 92. 

3.2 Correspondent Selection - Process Description 

(0053) As stated above, when the authentication process is successfully completed, the 
correspondent selection process, illustrated on figure 7, starts. As a result, the SIPS transmits 
the list of correspondents from its storage means to the FIPS correspondent selection means 
(step 100). The FIPS displays the list of correspondents (step 102). Figure 8 illustrates a 
typical window that displays a plurality of potential correspondents (step 104). Typically, the 
user selects with a mouse click one listed correspondent, which becomes the correspondent 
selection. Then the correspondent selection window closes. The FIPS transmits the selection 
to the SIPS correspondent selection means (step 106). The correspondent selection means 
identifies a correspondent key B and the key B identifier in the storage means (step 108). The 
correspondent selection means also identifies a public key S (also step 108). The securing 
process is then ready to begin. 

4. Encryption 

(0054) Once the authentication and the correspondent selection processes are completed, the next 
process is to secure the sensitive data. According to the invention, the sensitive data will be 
rightfully secured after this process, and only the designated user(s) (established through the 
correspondent selection) will be able to access the unsecured sensitive data. The sensitive- 
data securing process consists of encrypting the data following the principle of the present 
invention. Furthermore, according to the invention, sensitive and non-sensitive data may be 
transmitted to the receiver's system, with only the sensitive data being secured. A result of this 
process is to allow the insertion of an "Information message" presented in plain text, 
informing the non-designated users that the secured data content is confidential and that any 
attempt to read the content without the sender's authorization constitutes a fraud. 

4.1 Encryption - Structural Description 

(0055) Accordingly, the FIPS 10 illustrated on figure 2 comprises storage means 26, encryption 
means 28, key designation means 30, and secured data integration means 32. The SIPS 12 
illustrated on figure 3 further comprises encryption means 48 and secured data integration 
means 50. The FIPS key designation means 30, in a first realization, randomly establishes an 
encryption key. The FIPS encryption means 28 uses this randomly established key to encrypt 
the sensitive data into temporarily secured data. The SIPS encryption means 48 encrypts the 
FIPS-originated key and the key identifier as hereinafter described. The FIPS secured data 
integration means 32 generates, at the end, a secured sensitive data based on both the FIPS 
and SIPS information. 

4.2 Encryption - Process Description 

(0056) The steps to complete the encryption process illustrated on figure 9 are as follows. After the 
selection of a correspondent, the FIPS opens a securing software window. An example of 
such a window is illustrated on figure 10. Through this window, the user selects the sensitive 
data to be secured (step 120). Then, the FIPS temporarily stores the sensitive data in its 
storage means. The FIPS establishes a first encryption key A (step 122). This encryption key 
A changes every time a securing process is performed, and is ideally established regardless 
of the selected correspondent, or any other system state. On the basis of this key A, the FIPS 
encryption means encrypts the sensitive data into temporarily secured data and stores it in the 
FIPS storage means (step 124). The FIPS communicates the key A to the SIPS (step 126). 
The SIPS encryption means encrypts the key A using the key B (step 128) that corresponds 
to the selected correspondent's identified key. The result is a secured key A. The SIPS 
encryption means also encrypts the identified key B identifier using the public key S (step 
130). The result is a secured key B identifier. The SIPS secured data integration means 
integrates these secured data into a single secured key data (step 132). The secured key data 
is transmitted to the FIPS (step 134), which temporarily stores it in its storage means. At the 
end, the FIPS secured data integration means integrates the temporarily secured data, the 
secured key data, and any non-secured non-sensitive data that the user may want to include 
into an integrated secured data (step 136). This integrated secured data is stored on the FIPS 
storage means (step 138) and is ready to be communicated. 

(0057) In a preferred realization, any trace of unsecured sensitive data, temporarily secured data, and 
secured key data is erased from the FIPS storage means. Consequently, someone fraudulently 
gaining access to the FIPS would not be able to access the sensitive data. 

(0058) Many additions to the above processes are available. The encryption algorithms used by the 
FIPS and SIPS encryption means 28 and 48 can be identical or not. For instance, the FIPS 
encryption means 28 may use a 3-DES algorithm while the algorithm used by the SIPS 
encryption means 48 can be an RSA algorithm. The FIPS key designation means 30 may use 
many ways to establish a key: at random, among a list, on the basis of data characteristics, on 
the basis of the encryption time, etc. It may select different algorithms from one securing 
operation to another. The same applies to the SIPS. The established key may be a single key 
or a series of keys processed in a predetermined manner. The key B identification may 
identify a correspondent key set and a correspondent key within that key set. Figure 11 
illustrates a suitable data structure for this latter realization. A public key may be established 
on the basis of unsecured data in the integrated secured data, for instance the generation time. 
The SIPS 12 may include puzzling means that insert incoherent information in the 
communication to the FIPS in order to hinder the understanding of communications between 
the systems. This incoherent information may or may not be included in the integrated 
secured data. The puzzling means may also scramble information (change the information 
order), or may introduce power fluctuations. 

(0059) A variation is to allow the SIPS 12 to encrypt highly sensitive data, or any sensitive data 
when the amount of such sensitive data remains under a predetermined volume threshold. 
The data encrypted with the SIPS 12 is more highly secured. However, it typically requires 
more processing time to encrypt data with the SIPS 12 than it does with the FIPS 10. 
Accordingly, a balance between the sought-after security level and processing time must be 
reached. A common solution is to limit the use of the SIPS 12, with its stronger encryption 
algorithm, to the processing of less voluminous data. 

(0060) It must be noted that the only secret datum communicated from the SIPS 12, and therefore 
into a less secure environment, is the key B identifier (in a secured form). Although someone 
knowing the public key S may gain knowledge of the key B identifier, it is useless without 
knowledge of the SIPS stored keys. Accordingly, the invention requires a hacker to monitor 
the FIPS 10 while the encryption is performed in order to read the unsecured sensitive data. 
Otherwise, someone gaining possession of integrated secured data afterwards would have to 
find the randomly established key A for each secured integrated data. 

(0061) Furthermore, not even the SIPS owner has any knowledge of the keys. These are securely 
stored in the SIPS when it is set. Afterwards, no one can gain access to these keys. 

5. Messaging 

(0062) The object of securing sensitive data is to share it with a user (a receiver). Accordingly, the 
integrated secured data must be communicated to the user in an appropriate manner. The 
recipient (or receiver) may automatically receive integrated secured data or manually retrieve 
it through a predetermined process. 

5.1 Messaging - Structural Description 

(0063) For that object, the FIPS 10 comprises at least one communication means 22 for out-system 
communication, or storage means 26 for storing the secured sensitive data to be later 
retrieved by the receiver. Each one of these components allows the sender to transmit, or to 
store, the integrated secured data in order for the selected recipient (receiver) to retrieve the 
integrated secured data, to convert it into a readable format, and to read the sensitive data. 
Afterwards, if the recipient (receiver) deems it appropriate, he may transmit the sensitive data 
to another user, in a secured manner or not. 

(0064) The FIPS may comprise automatic deletion means to delete the sensitive data automatically 
once secured. The FIPS may also comprise communication control means closing 
unnecessary communication means when appropriate. It may also comprise anti-spy means 
to prevent any monitoring of data by any fraudulently installed spying agent during the 
securing process. 

5.2. Messaging - Process Description 
(0065) The sender may transmit the integrated secured data in two ways: by storing the integrated 
secured data locally on a storage means, or by storing the integrated secured data on another 
system's storage means. This second solution may be realized through LAN communication, 
such as email. However, many other messaging alternatives are available. 

6. Decryption Process 

(0066) Depending on the communication process, the receiver may have to retrieve the integrated 
secured data, or may gain access automatically to the integrated secured data. Since 
this step offers many possibilities, none of which are characteristic of the invention, it is not 
described in detail. In consequence, the following description takes for granted that the 
integrated secured data was ready for decryption when it reached the receiver. 

6.1. Decryption Process - Structural Description 

(0067) The system components required for the decryption process are very similar to the ones used 
for the securing process. Furthermore, a typical realization of the invention comprises both 
the encryption and the decryption components in the same system combination. 

(0068) The receiver systems are similar to the encryption systems: a First Information Processing 
System (FIPS) 10 (figure 12) and a Second Information Processing System (SIPS) 12 
(figure 13); both systems 10 and 12 include similar components as for the encryption process, 
except that the encryption means 28 and 48 are replaced by decryption means 34 and 54 and 
the secured data integration means 32 and 50 are replaced by secured data extraction 
means 36 and 56. 

(0069) The process of decrypting integrated secured data includes retrieving the integrated secured 
data, authenticating the user, and decrypting the integrated secured data. The data-retrieving 
step is not described, as stated above. 

7. Authentication 

(0070) The authentication process requires the same system structures as stated in the description of 
the securing process. The FIPS 10 therefore comprises authentication means 20 and 
communication means 22. The SIPS 12 comprises authentication means 40, communication 
means 42, and storage means 44. 

(0071) The authentication process follows exactly the same steps as the ones listed for the securing 
process: establishing a communication link; providing identification data; and signaling a 
successful authentication process. When all these steps are completed, the decryption process 
begins. 

8. Decryption 

(0072) Following the authentication, a securing software window opens on the FIPS display. The 
user selects a decryption option, discloses the integrated secured data to the software, and 
commands its decryption by the software. This command initiates the decryption process. 

8.1. Decryption - Structural Description 

(0073) To complete the decryption process, the FIPS 10 requires components functionally similar to 
the ones of the sender's FIPS 10: a storage means 26 in which the integrated secured data is 
stored, secured data extraction means 36, decryption means 34 and communication means 
22. The SIPS 12 requires decryption means 54, storage means 44, secured data extraction 
means 56, and communication means 42. In the SIPS storage means 44, the data allowing 
decryption of the integrated secured data must be available; the public key, the correspondent 
key identifier, and the associated correspondent key used during the encryption process of the 
sensitive data must be there to efficiently perform the decryption process. 

8.2. Decryption - Process Description 

(0074) Decryption can be divided into a plurality of subsequent steps: extraction of the necessary data 
from the integrated secured data, extraction in the SIPS of the key used to encrypt the sensitive 
data, and decryption of the sensitive data. 

8.2.1. Data Extraction from the Integrated Secured Data 
(0075) Once the integrated secured data is identified by the decryption program (step 160, figure 
14), the program stores the integrated secured data into its storage means. Afterwards, the 
secured data extraction means extracts the diverse types of data integrated during the 
encryption process (step 162). This data is identified in a predetermined way, for example, on 
the basis of its position between predetermined strings or at the beginning or at the end of the 
integrated secured data. The non-sensitive data is displayed on the FIPS screen (step 164). 
The FIPS communicates the secured key data to the SIPS (step 166). 

8.2.2. Key Extraction 

(0076) When receiving the data, the SIPS stores it into its storage means. Then, the secured data 
extraction means extracts the encrypted key identifier (step 168). The decryption means uses 
the known public key S to decrypt the key identifier (step 170). The key identifier is 
compared to the identifier list in the storage means to identify the associated key (step 172). 
If no key identifier match is found, the SIPS transmits an error signal to the FIPS (step 174), 
which displays a message informing the user that the decryption has failed (step 176). If a 
key identifier match is found, the decryption means uses the identified associated key to 
decrypt the remaining part of the data (step 178). When decrypted, the result is a decryption 
key A that is signaled to the FIPS (step 180). 

8.2.3 . Sensitive Data Decryption 

(0077) The FIPS decryption means uses the signaled key A to decrypt the extracted secured 
sensitive data provided by the secured data extraction means (step 182). Accordingly, the 
decryption means provides unsecured sensitive data to the user (step 184), which can be 
handled at the user's discretion. This includes accessing the sensitive data, storing it, etc. If access 
to the sensitive data must be restricted for the receiving user, the degree of freedom is 
controlled through other means, such as the sensitive data format, which is not part of the 
invention. 
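The decryption flow of section 8.2, as an added example written for this page (not the applicant's implementation): the FIPS extraction means splits the integrated secured data on predetermined strings (steps 162-166), the SIPS decrypts the key identifier with public key S, looks it up and recovers key A (steps 168-180, including the no-match error path of steps 174-176), and the FIPS finally decrypts the sensitive data with key A (steps 182-184). The page names no cipher, so an HMAC-SHA256 keystream stands in for the encryption/decryption means; the delimiter strings, the fixed key identifier length, the key table and all sample values are constructed assumptions.

```python
import hashlib
import hmac

# Predetermined delimiter strings marking the fields of the integrated secured
# data.  The page only says fields sit between predetermined strings; these
# particular markers are an assumption of the example.
FIELD_START, KEY_DATA_MARK, SENSITIVE_MARK, FIELD_END = (
    b"<<NONSENS>>", b"<<KEYDATA>>", b"<<SENSDATA>>", b"<<END>>")
KEY_IDENTIFIER_LEN = 16   # assumed fixed length of a correspondent key identifier


def keystream_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in for the unspecified encryption/decryption means: XOR with an
    HMAC-SHA256 counter keystream.  Encrypting and decrypting are the same call.
    Illustration only: a real system needs a nonce and an authenticated cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, (offset // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def extract_fields(integrated: bytes) -> dict:
    """FIPS secured data extraction means (step 162): locate each field by its
    position between the predetermined strings."""
    if not (integrated.startswith(FIELD_START) and integrated.endswith(FIELD_END)):
        raise ValueError("not integrated secured data")
    body = integrated[len(FIELD_START):-len(FIELD_END)]
    non_sensitive, rest = body.split(KEY_DATA_MARK, 1)
    secured_key_data, secured_sensitive = rest.split(SENSITIVE_MARK, 1)
    return {"non_sensitive": non_sensitive,          # shown on the FIPS screen (step 164)
            "secured_key_data": secured_key_data,    # handed to the SIPS (step 166)
            "secured_sensitive": secured_sensitive}  # decrypted once key A is back


class SIPS:
    """Second information processing system: holds the public key S and the
    table of correspondent key identifiers -> associated correspondent keys."""

    def __init__(self, public_key_s: bytes, key_table: dict):
        self.public_key_s = public_key_s
        self.key_table = key_table

    def extract_key(self, secured_key_data: bytes):
        """Steps 168-180.  Returns ("ok", key_A) or ("error", message)."""
        enc_identifier = secured_key_data[:KEY_IDENTIFIER_LEN]
        enc_key_a = secured_key_data[KEY_IDENTIFIER_LEN:]
        key_identifier = keystream_cipher(self.public_key_s, enc_identifier)  # step 170
        associated_key = self.key_table.get(key_identifier)                    # step 172
        if associated_key is None:
            return "error", "decryption failed: no matching key identifier"   # steps 174-176
        return "ok", keystream_cipher(associated_key, enc_key_a)              # steps 178-180


def fips_decrypt(sips: SIPS, integrated: bytes):
    """Whole flow of section 8.2 on the FIPS side.  Returns
    (non_sensitive, sensitive_or_None, error_or_None)."""
    fields = extract_fields(integrated)
    status, payload = sips.extract_key(fields["secured_key_data"])
    if status != "ok":
        return fields["non_sensitive"], None, payload
    sensitive = keystream_cipher(payload, fields["secured_sensitive"])  # step 182
    return fields["non_sensitive"], sensitive, None                     # step 184


def integrate_for_example(public_key_s, key_identifier, associated_key, key_a,
                          non_sensitive, sensitive):
    """Mirror of the encryption side, used only to construct sample input."""
    secured_key_data = (keystream_cipher(public_key_s, key_identifier)
                        + keystream_cipher(associated_key, key_a))
    return (FIELD_START + non_sensitive + KEY_DATA_MARK + secured_key_data
            + SENSITIVE_MARK + keystream_cipher(key_a, sensitive) + FIELD_END)


# Constructed sample values
PUBLIC_KEY_S = b"S" * 32
KEY_IDENTIFIER = b"corr-key-id-0001"        # 16 bytes
ASSOCIATED_KEY = b"A" * 32
KEY_A = b"k" * 32
SAMPLE = integrate_for_example(PUBLIC_KEY_S, KEY_IDENTIFIER, ASSOCIATED_KEY, KEY_A,
                               b"To: Bob; Subject: invoice",
                               b"Account 1234, balance 5678")
RECEIVER = SIPS(PUBLIC_KEY_S, {KEY_IDENTIFIER: ASSOCIATED_KEY})

if __name__ == "__main__":
    print(fips_decrypt(RECEIVER, SAMPLE))
```

Delimiter framing is what the page describes, but a ciphertext field can in principle contain the delimiter bytes; a length-prefixed encoding of each field removes that ambiguity. A SIPS holding a different public key S, or lacking the identifier in its table, ends in the error branch and the sensitive data is never decrypted.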

9. System Setting 

(0078) The present invention allows the establishment of secured communication between users in a 
less expensive and more secure way than by configuring a highly secured communication 
link between users. However, this process requires setting up secured sending/receiving 
systems for the communication link (secure SIPSs). In other words, it requires pairing SIPSs 
to allow them to securely exchange sensitive data. 

(0079) The system also allows users having compatible SIPSs to autonomously pair themselves to 
allow operations of communication between them. 

(0080) Accordingly, the preferred invention realization includes a first SIPS setting process during 
which keys are stored. During this process, users may be paired or not. It is the initial SIPS 
setting process. 

(0081) Afterwards, when required, users may autonomously pair themselves without having to get a 
new SIPS. It is the dynamic SIPS pairing process. 

10. Initial SIPS Setting 

(0082) The initial SIPS setting is the process during which all SIPS components are set in a suitable 
means, usually an IC card. Depending on the requirements, some components may already be 
present in the means (for instance, hard wired) and some of them may be installed during the 
process (for instance, set by downloading suitable program code in the SIPS). Data stored in 
the means include keys, key identifiers, authentication data, etc. If pairing is also set, then 
correspondence data are also included. 

10.1 Initial SIPS Setting - Structural Description 

(0083) To complete the initial SIPS setting, a setting means 14 of figure 1 is provided and illustrated 
on figure 15. It comprises storage means 190 and communication means 192. The 
communication means 192 establishes communication with SIPSs. The storage means 190 of 
the setting means stores all data that must be communicated to a SIPS at its initial setting. In 
order to prevent any security breach, the setting means has the highest security level possible; 
it is therefore remote from any unsecured network (and usually not linked to any network). 
10.2. Initial SIPS Setting - Process Description 

(0084) The initial setting process illustrated on figure 16 starts with establishing communication 
between the setting means and the SIPS (step 200). The means and the SIPS communicate 
through a particular protocol reserved for the setting process. During the setting process, the 
setting means communicates to the SIPS the data the latter needs to set the required means 
that must be installed (step 202). For example, the decryption means may be either hard 
wired or uploaded by the setting means. The list of the means that may be provided by the 
setting means comprises the authentication means, the encryption means, the decryption 
means, the correspondent selection means, and the secured data integration and extraction 
means. Additionally, the setting means stores, in the SIPS, a set of data (step 202) that 
comprises SIPS identification (if not already set, then storing it in association with current 
SIPS data), authentication data, public key, correspondence data (if any are already 
determined), key identifiers, keys, ... When all these data have been transferred in the SIPS, 
the SIPS is set (step 204). The SIPS is given to a user. 

(0085) Figure 6 illustrates, in an understandable format, suitable information stored in the SIPS 
storage means. As illustrated, it comprises SIPS identification 82, authentication data 84, 
public key 86, correspondence data 88, key identifiers 92, and keys 90. It further comprises 
pointers 84, which operatively associate key identifiers 92 with keys 90. Some keys 90c and 
key identifiers 92c are not associated with correspondence data 88; they are available for 
dynamic pairing. This process will be explained later. Between two SIPSs, there is at least a 
predetermined portion of keys 90 and key identifiers 92 that are common. Nevertheless, it 
does not mean that a particular key identifier 92 is or will be associated with the same key 90 
on two SIPSs; it only allows efficient pairing. In the example, the keys 90a-b and key 
identifiers 92a-b of the A and B categories are paired while the C category keys 90c and key 
identifiers 92c are not. It bears repeating that keys 90 and key identifiers 92 are only known 
by the storing SIPS and the setting means. 

11. Dynamic SIPS Pairing 



(0086) The need of a dynamic SIPS pairing occurs when two or more SIPS owners want to establish 
a secure communication, but they have not been paired during the initial SIPS setting process 
or previously paired dynamically. When two SIPS owners want to pair their SIPSs, the 
process is accomplished through a single correspondent addition. If more than two SIPS 
owners are involved, a group pairing process can be initiated. 

11.1. Dynamic SIPS Pairing - Single Correspondent Pairing 

(0087) When two users want to establish a pairing between their systems, as illustrated on figure 17, 
the process starts with the two users commonly establishing a pairing code (step 210). Each 
user, through a FIPS pairing program, enters the pairing code into his SIPS (step 212), which 
returns a correspondence code (step 214). Each user gets a different correspondence code, 
which must be transmitted to the other user (step 216). This exchange is the only human 
interaction of the whole process, and it is what ensures the identification of the correspondent. 

(0088) Afterwards, as illustrated on figure 18, the users must establish communication between the 
SIPSs through their FIPS pairing program (step 218). The authentication step is required as 
for any SIPS use. Once the authentication is successfully completed and the communication 
established between the SIPSs, each user enters the other user's transmitted correspondence code 
into the program (step 220). Each SIPS generates a verification code based on the entered 
correspondence code. On the basis of the codes, a SIPS is established as the leader SIPS 
while the other is the follower SIPS. The leader SIPS receives the verification code from the 
follower SIPS (step 222) and also compares the verification codes (step 224). If the 
verification codes match, pairing is allowed; otherwise, pairing is denied and its failure is 
signaled to the users' FIPS (step 226). 

(0089) The leader SIPS initiates the pairing. First, the leader-SIPS pairing means verifies in its 
storage means available keys, selects one (step 230), and generates at first a key availability 
code (step 232) to be transmitted to the follower SIPS (step 234). The key availability code 
identifies a selected key in a ciphered way based on a ciphering code. Only a means 
knowing the ciphering code (the leader and follower SIPSs), the deciphering process, and the 
list of stored keys can identify the selected key. Since the ciphering code is calculated in the 
same way as the verification code (on the basis of the correspondence codes), the ciphering 
code is secret. A suitable means may find the ciphering code only if it knows both the 
ciphering algorithm and the two correspondence codes. 

(0090) Upon receiving the key availability code, the follower SIPS verifies the key correspondence 
through an enciphering process of all stored keys and through a comparison of the ciphering 
results with the transmitted key availability code (step 236). Afterwards, the follower SIPS 
transmits a key availability response to the leader SIPS (step 238). 

(0091) If the key verification process fails, the follower SIPS repeats the same process; therefore, the 
SIPSs switch their status (step 240). Accordingly, the new leader SIPS identifies a new key 
availability code among the generated ones (step 242) and sends it back to the new follower 
SIPS (step 234). This process continues until an ending status is reached, either when a key 
available on both SIPSs is identified or when no common key is available. 

(0092) Afterwards, the same process repeats itself for the key identifier (steps illustrated as the 
global step 246). 

(0093) If no correct key or key identifier is found, the process is aborted. Each user is informed that 
the pairing process has failed (step 244). At least one of the users can get a new SIPS with 
greater key and key identifier availability. 

(0094) The user is invited to enter the correspondent data (step 335 - figure 18) either when the two 
SIPSs have found a correct key and key-identifier combination or when the correspondence 
code is entered. When all these steps are completed, each SIPS updates the information in the 
storage means on the basis of the newly established pairing (step 227). 
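The single-correspondent pairing of section 11.1 run end to end, as an added example written for this page (not the applicant's implementation); it also models the storage layout of figure 6, where C category keys and key identifiers are the ones free for dynamic pairing. The page does not say how the correspondence, verification, ciphering and key availability codes are computed; here each is an HMAC-SHA256 over the values the page says it depends on, the leader is the SIPS with the lower correspondence code, and every SIPS secret, key, key identifier and pairing code is constructed sample data. The point the code makes concrete is that only ciphered availability codes cross the SIPS-to-SIPS link, never a key or a key identifier.

```python
import hashlib
import hmac


def mac(key: bytes, *parts: bytes) -> bytes:
    """Keyed derivation used for every code in the example (an assumption: the
    page does not say how the codes are computed).  Parts are length-prefixed
    so that different splits of the same bytes give different results."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        h.update(len(part).to_bytes(2, "big") + part)
    return h.digest()


class SIPS:
    """Second information processing system.  Keys and key identifiers of the
    C category (figure 6) are not bound to a correspondent yet and are what
    dynamic pairing consumes; the SIPS secret never leaves the device."""

    def __init__(self, sips_id: bytes, secret: bytes, keys, key_ids):
        self.sips_id = sips_id
        self.secret = secret
        self.free_keys = list(keys)
        self.free_key_ids = list(key_ids)
        self.correspondents = {}   # correspondence data -> (key identifier, key)

    def correspondence_code(self, pairing_code: bytes) -> bytes:
        """Steps 212-214: differs per SIPS because it mixes the SIPS secret."""
        return mac(self.secret, b"correspondence", pairing_code)[:8]

    def availability_codes(self, ciphering_code: bytes, items) -> dict:
        """Step 232 (and 236 on the receiving side): cipher every stored item
        under the ciphering code; the item itself is never transmitted."""
        return {mac(ciphering_code, item): item for item in items}


def session_codes(pairing_code, own_cc, entered_cc):
    """Steps 220-222: verification and ciphering codes derived from both
    correspondence codes.  Sorting makes both SIPSs compute the same values."""
    low, high = sorted((own_cc, entered_cc))
    return (mac(pairing_code, b"verification", low, high),
            mac(pairing_code, b"ciphering", low, high))


def negotiate_common(leader, follower, ciph_leader, ciph_follower,
                     leader_items, follower_items):
    """Steps 230-242: the leader proposes one ciphered item at a time; the
    follower enciphers its own items and checks for a match; on failure the
    roles switch, until a common item is found or both lists are exhausted.
    Returns (common item or None, list of codes that crossed the link)."""
    tables = [leader.availability_codes(ciph_leader, leader_items),
              follower.availability_codes(ciph_follower, follower_items)]
    pending = [list(tables[0]), list(tables[1])]
    turn, transcript = 0, []
    while pending[0] or pending[1]:
        if not pending[turn]:
            turn ^= 1                 # step 240: only the other side has proposals left
            continue
        code = pending[turn].pop(0)   # steps 230-234
        transcript.append(code)
        if code in tables[turn ^ 1]:  # step 236: receiver recognises its own item
            return tables[turn ^ 1][code], transcript
        turn ^= 1                     # step 240: status switch
    return None, transcript


def pair(sips_x, sips_y, pairing_code, name_x, name_y, typed=None):
    """Figures 17 and 18 end to end.  `typed` is what each user enters as the
    other's correspondence code (step 220); by default the exchange is correct."""
    cc_x = sips_x.correspondence_code(pairing_code)
    cc_y = sips_y.correspondence_code(pairing_code)
    typed_by_x, typed_by_y = typed if typed is not None else (cc_y, cc_x)
    ver_x, ciph_x = session_codes(pairing_code, cc_x, typed_by_x)
    ver_y, ciph_y = session_codes(pairing_code, cc_y, typed_by_y)
    # leader election on the basis of the codes (assumption: lower code leads)
    if cc_x < cc_y:
        leader, follower, ciph_l, ciph_f, ver_l, ver_f = sips_x, sips_y, ciph_x, ciph_y, ver_x, ver_y
    else:
        leader, follower, ciph_l, ciph_f, ver_l, ver_f = sips_y, sips_x, ciph_y, ciph_x, ver_y, ver_x
    if not hmac.compare_digest(ver_l, ver_f):    # step 224, constant-time compare
        return False                              # step 226
    key, _ = negotiate_common(leader, follower, ciph_l, ciph_f,
                              leader.free_keys, follower.free_keys)
    key_id, _ = negotiate_common(leader, follower, ciph_l, ciph_f,
                                 leader.free_key_ids, follower.free_key_ids)   # step 246
    if key is None or key_id is None:
        return False                              # step 244
    for sips, name in ((sips_x, name_y), (sips_y, name_x)):   # steps 335 and 227
        sips.free_keys.remove(key)
        sips.free_key_ids.remove(key_id)
        sips.correspondents[name] = (key_id, key)
    return True


# Constructed sample SIPSs set up with partly overlapping C category material
ALICE = SIPS(b"SIPS-A", b"alice-secret", [b"key-1", b"key-2", b"key-3"], [b"id-1", b"id-2"])
BOB = SIPS(b"SIPS-B", b"bob-secret", [b"key-9", b"key-3", b"key-2"], [b"id-2", b"id-7"])

if __name__ == "__main__":
    print(pair(ALICE, BOB, b"pairing code agreed by phone", b"alice", b"bob"))
    print(ALICE.correspondents, BOB.correspondents)
```

Two practitioner notes. The pairing code and the two correspondence codes travel between the users, not over the SIPS link, so an observer of the link sees only the verification code and 32-byte availability codes, and cannot enumerate a SIPS's key list without the ciphering code. The availability code is a deterministic function of the key and the ciphering code, so the ciphering code must be fresh per pairing (it is, since it depends on the pairing code); reusing it across sessions would let an observer link proposals between sessions.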

11.2. Dynamic SIPS Pairing - New Group Pairing 

(0095) When multiple users want to securely communicate with each other, they have the option of 
individually pairing with each other, or of creating a group of correspondents. Members of a 
group have the freedom of getting access to all messages secured on the basis of the SIPS 
group information, regardless of the sender's identity. A group may be created during the 
initial setting of the SIPSs. It may also be dynamically created subsequently. Group 
membership can also be acquired, provided the group leader accepts the new member. 

(0096) To complete a group pairing, group members elect a group leader, and the other users 
become group followers. The group members establish a pairing code (step 250) as in the 
individual pairing process. Each user, through his FIPS, initiates the pairing process. They 
authenticate themselves. They identify the pairing process as a group pairing and their status, 
either as leader or as follower. They provide group identification and enter the pairing code 
in their SIPS. In response, each member receives either the leader's or a follower's sharing 
code. All followers get the same follower sharing code (step 252). 

(0097) The leader transmits the leader's sharing code to all followers and receives the follower 
sharing code from at least one follower in the group (step 254). 

(0098) Afterwards, the group members establish communication between their SIPSs (step 256); the 
higher the number of linked group members communicating, the better the group pairing 
result. Each follower enters the received sharing code (step 258). Afterwards, the leader 
checks each follower (step 260). If a follower fails the verification, the SIPS is automatically 
rejected from the remaining part of the pairing process. When all communicating SIPSs have 
been accepted or rejected, the leader SIPS sends a key availability code to all accepted 
followers (step 262), with each of them accepting or rejecting the proposed key (step 264). 
The process continues until all followers in communication have accepted the proposed key 
or until an ending state is reached. The same process repeats itself for the key identifier 
availability code. When the key and key-identifier ending state is reached, the leader SIPS 
sends a confirmation combination to all of the follower SIPSs in communication. The 
confirmation combination is determined on the basis of the proposed combination responses. 
The SIPSs with an available key and key identifier, which correspond to the confirmation 
combination, update the information in their storage means. The other SIPSs inform their 
users that it is impossible to establish group membership without a new SIPS. Accordingly, 
the group is then created on the leader SIPS and at least one of the follower SIPSs. 

11.3. Dynamic SIPS Pairing - Existing Group Pairing 

(0099) When a new member wants to join a group, either as a new member or for any other reason 
such as the SIPS having no available key and key identifier corresponding to the 
confirmation combination, the new member SIPS establishes communication with the group 
leader. 

(00100) Accordingly, the new group member contacts the group leader, who provides the new group 
member with the leader group correspondence code. Since the leader SIPS stores the leader 
correspondence code and the verification code, the group leader may retrieve the leader 
correspondence code of the group through its FIPS. 

(00101) Afterwards, the process is highly similar to the single-correspondent pairing process. The 
leader and the new member activate their First and Second IPSs. They initiate the pairing 
process, which includes identifying the pairing type, entering the leader correspondence code 
and group information for the new member. They establish communication between the 
SIPSs. The new member SIPS communicates the verification code to the leader SIPS, with 
the leader SIPS accepting or rejecting the new member SIPS. If the new member is accepted, 
the leader SIPS communicates the confirmation code used when the group was initially 
established to the new member SIPS, this one confirming reception and availability to the 
leader SIPS. 

(00102) If the combination sent is available in the SIPS of the new member, the SIPS is accordingly 
updated. Otherwise, the new member is required to get a new SIPS to become a member of the 
group. 

11.4. General Comments on Pairing 
(00103) Communication of ciphered results rather than ciphered proposed keys and key identifiers is 
one proposed solution for that process. It is advantageous by preventing the communication 
of the keys, which should stay secret and therefore never be communicated. However, others 
may choose other solutions for that problem. One of the possible alternatives for that process 
is to communicate key and key identifier in combination. 

12. Structural Overview 

(00104) Since a single SIPS is commonly used for the process comprising the encryption, the 
decryption and the pairing, the following provides a structural summary of a typical SIPS 
suitable for all these steps. Accordingly, a structural overview of a FIPS is also provided in 
the same manner. 

12.1. Structural Overview - First Information Processing System (FIPS) 

(00105) Accordingly, figure 22 illustrates a FIPS capable of the three processes. The FIPS 
comprises communication means, authentication means, correspondent selection means, 
storage means, key designation means, encryption/decryption means (since they are usually 
configured into a single meaningful structure), and secured data integration and extraction 
means (also usually combined). The FIPS may also include, when deemed appropriate, 
random number generation means providing necessary data for the key determination means 
to randomly determine keys. The FIPS may include algorithm selection means to determine 
the algorithm each time an encryption has to be done. A sensitive-data evaluation means may 
also be comprised in order to secure the SIPS sensitive data with the FIPS when the level of 
sensitivity of the data is very high, or when the amount of sensitive data is under a 
predetermined threshold. Communication control means may also be comprised to prevent 
espionage through a communication port when securing data. The FIPS may comprise 
automatic deletion means to prevent unsecured data from being accessed after the securing process. 
Finally, anti-spy means may also be included in order to prevent a spy agent hidden in the 
FIPS from gaining knowledge of the securing process. 

12.2. Structural Overview - Second Information Processing System (SIPS) 
(00106) A summarized illustration of the SIPS is provided through figure 23. The SIPS includes 
communication means, authentication means, storage means, encryption/decryption means 
(usually combined), and secured data integration and extraction means (also usually 
combined). An unlocking code generation means may be included to generate an unlocking 
code upon reception of too many erroneous-identification data signals. A puzzling means 
may also be comprised in the SIPS. A random number generation means and/or other 
determination means may also be comprised in the SIPS to complete the determination 
associated with the encryption. 

(00107) Accordingly, while the invention has been described in connection with the specific 
embodiments thereof, it will be understood that the invention is capable of further 
modifications. It is the intent to cover applications comprising any variations, uses, or 
adaptations of the invention following, in general, the principles of the invention. It is also 
the intent to cover applications including departures from the present disclosure which may 
come from common knowledge or customary practice within the art to which the invention 
pertains. These applications will find their essential features herein set forth in the scope of 
the appended claims. 